This problem started a few days ago. Our Windows 2008 R2 DNS server is resolving names very slow. The CPU/Memory load on the server is normal. It can take up to 5-10 seconds to resolve a name when I ping or browse the web. Any IP address I ping replies immediately. I've changed my DNS to google servers and names resolve instantly, which is why I believe this is a problem with our servers. We have not changed anything on the server. I've also tried a reboot but the problem still exists.

I've tried browsing other forums and I'm unable to find where to even start looking. The only suggestion I saw was to remove any non existing forwarders, but that is not the problem here.

Can anyone point me in the right direction to troubleshoot this?

Thanks

Hi Chadd,

I've changed my DNS to google servers and names resolve instantly,

Is your Windows 2008 R2 a domain controller hosting DNS service? If yes, can we know ipconfig /all of your DNS server?

Ideally, your DNS servers preferred DNS ip should be its own IP address and not any ISP ip address. If you have changed this, please revert it. Additionally, you can configure your ISP ip as forwarders in your DNS.

-Umesh.S.K

It can take up to 5-10 seconds to resolve a name when I ping or browse the web.

Is this webserver in public DNS? Where did you change DNS ? On the client machine?

Basically, when you give ISP DNS IP on your client machine, your client machine searches the webserver name in public DNS directly over the internet. Otherwise, your local DNS performs recursive search by forwarding the request to your ISP DNS through forwarders. There could be some delay in getting name resolution response from your ISP DNS.

Now, do you get delayed response when you try resolving your local machine / server names? Can you check the latency between your client and DNS server by ping test?

-Umesh.S.K

Hi ChaddG,

You could try to start by changing the used DNS server set as a forwader and check results.

If this does not help, I would recommend using a DNS forwarding timeout that is equal or higher to 5 using the /TimeOut switch.

https://technet.microsoft.com/en-us/library/cc773370%28WS.10%29.aspx?f=255&MSPPError=-2147217396

Best Regards,

Mary Dong

This problem started a few days ago. Our Windows 2008 R2 DNS server is resolving names very slow. The CPU/Memory load on the server is normal.

It can take up to 5-10 seconds to resolve a name when I ping or browse the web.

Any IP address I ping replies immediately. I've changed my DNS to google servers and names resolve instantly, which is why I believe this is a problem with our servers. We have not changed anything on the server. I've also tried a reboot but the problem still exists.

I've tried browsing other forums and I'm unable to find where to even start looking. The only suggestion I saw was to remove any non existing forwarders, but that is not the problem here.

Can anyone point me in the right direction to troubleshoot this?

Thanks

I assume internal resolution performance is fast compared to external resolution. If the answer is yes to that, then I think it's an EDNS0 issue.

Heres a quick nslookup command to test if theres an EDNS0 restriction in your firewall:
nslookup -type=TXT rs.dns-oarc.net

Or if you want to test a specific DNS server for EDNS0 support, whether an internal or external DNS server, use the following method:

c:\>nslookup
> server 4.2.2.2 <- you can change this IP to whatever DNS server you want to test for EDSN0 support
> set q=txt
> rs.dns-oarc.net

Look for the part in the response that says, DNS reply size limit is at least xxxx. The xxxx is what it will support. If its under 512, then it is blocking EDNS0 or the Forwarder you are using is blocking or not allowing/configured to use EDNS0.

Post your results from the above test, please.

Please read up on it in my blog. Let me know if you have any questions.

EDNS0 (Extension mechanisms for DNS)
http://blogs.msmvps.com/acefekay/2010/10/11/edns0-extension-mechanisms-for-dns/